Standard Mode

Start a scan quickly with minimal settings

  1. In the NEW SCAN dialog box, select the Standard tab to create a scan with minimal settings.
  2. From the Scan Targets dropdown list, select one of the following:
  • (Default) Website via automatic crawling - This is the simplest option. Enter a URL (target host) to scan all or part of the specified application. To scan only specific parts of your application or to add multiple hosts, click at the right side of the Targets section.

    Note that some hosts may be unreachable or unauthorized for a direct scan from the cloud:
    - If a host cannot be reached by the engine, select a running Repeater for the scan in the section below.
    - If a host is unauthorized for a direct scan from the cloud, either select a running Repeater for the scan or add a .nex file to the host root directory (read more information here).

    See Scanning a website with a crawler for detailed information.

  • Website via recorded session (HAR file) - Use a pre-recorded session of your interaction with the application (a HAR file), created either manually or automatically (for example, with QA tools such as Selenium). This discovery type lets you define the scope of the scan precisely and ensures complete coverage of the recorded attack surface.

    See Creating a HAR File to learn how to create a HAR file.

    Note that some hosts may be unreachable or unauthorized for a direct scan from the cloud:
    - If a host cannot be reached by the engine, select a running Repeater for the scan in the section below.
    - If a host is unauthorized for a direct scan from the cloud, either select a running Repeater for the scan or add a .nex file to the host root directory (read more information here).

    See Scanning a website with a HAR file for detailed information.

Tip

To enjoy both full automation and deeper attack surface analysis, you can combine Crawling and Recording (HAR) in a single scan.

  • API endpoints via schema - Use a *.yml schema file to scan APIs. See Scanning API endpoints for detailed information.
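A recorded session is only as good as its scope: a browser or Selenium recording routinely captures requests to CDNs, analytics and other third-party hosts you are not authorized to scan. The following pre-flight check, added here as an example and not part of Nexploit's own tooling, parses a HAR file, lists the hosts and endpoints it covers, and separates hosts that match your allowed scope from those that do not. The HAR content and the `example.test` hostnames are constructed for the example; the scope-pattern syntax (a leading `.` allowing subdomains) is this script's own convention, not a Nexploit setting.

```python
"""Pre-flight scope check of a recorded HAR session before using it as a scan target.

Added example (not Nexploit's own code): lists what a HAR covers and flags
hosts outside the scope you own, so the upload matches the intended target.
"""
import json
from urllib.parse import urlsplit

# Constructed sample HAR (minimal HAR 1.2 structure). A real recording has many
# more fields per entry; only request.method and request.url are used here.
SAMPLE_HAR = json.dumps({
    "log": {
        "version": "1.2",
        "entries": [
            {"request": {"method": "GET", "url": "https://app.example.test/login"}},
            {"request": {"method": "POST", "url": "https://app.example.test/login"}},
            {"request": {"method": "GET", "url": "https://app.example.test/account?id=7"}},
            {"request": {"method": "GET", "url": "https://api.example.test/v1/orders"}},
            {"request": {"method": "GET", "url": "https://cdn.thirdparty.test/lib.js"}},
        ],
    }
})


def har_coverage(har_text):
    """Return {host: sorted list of 'METHOD path'} for every HTTP(S) entry in the HAR."""
    log = json.loads(har_text)["log"]
    coverage = {}
    for entry in log.get("entries", []):
        req = entry["request"]
        parts = urlsplit(req["url"])
        if parts.scheme not in ("http", "https"):
            continue  # skip data:/blob: URLs that browsers sometimes record
        endpoint = f"{req['method'].upper()} {parts.path or '/'}"
        coverage.setdefault(parts.netloc, set()).add(endpoint)
    return {host: sorted(eps) for host, eps in coverage.items()}


def check_scope(har_text, allowed_hosts):
    """Split the HAR's hosts into in-scope coverage and an out-of-scope host list.

    allowed_hosts: hostnames you are authorized to scan. A leading '.' allows the
    domain and all of its subdomains (e.g. '.example.test'); this pattern syntax
    is an assumption of this script, not a Nexploit feature.
    """
    def allowed(host):
        name = host.split(":")[0].lower()  # drop any port before matching
        for pattern in allowed_hosts:
            p = pattern.lower()
            if p.startswith(".") and (name.endswith(p) or name == p[1:]):
                return True
            if name == p:
                return True
        return False

    coverage = har_coverage(har_text)
    in_scope = {h: eps for h, eps in coverage.items() if allowed(h)}
    out_of_scope = sorted(h for h in coverage if not allowed(h))
    return in_scope, out_of_scope


if __name__ == "__main__":
    ok, bad = check_scope(SAMPLE_HAR, [".example.test"])
    for host, endpoints in ok.items():
        print(host)
        for ep in endpoints:
            print("  ", ep)
    if bad:
        print("Out of scope (strip from the HAR or authorize before scanning):", ", ".join(bad))
```

Run it against your real recording by replacing `SAMPLE_HAR` with the file contents; a non-empty out-of-scope list is the cue to trim those entries from the HAR (or add the host as an authorized target) before starting the scan, and the per-host endpoint list is a quick way to confirm the recording actually exercised the parts of the application you meant to cover.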
  3. From the Repeater dropdown list, select a Repeater (local agent) to use for the scan. The list only includes the connected Repeaters created for the selected Project. A Repeater is created in the Repeaters tab and serves as a request proxy between Nexploit and a target hosted on a local network. See On-Premises Repeater (Agent) for more information.

  4. In the Scan Name field, enter a free-text scan name.
    The scan name is assigned automatically based on the name of the specified host or uploaded HAR file. You can change the suggested name if you want.

  5. From the Project dropdown list, select the Nexploit project you want to use for the scan.

Note

You can start a scan ONLY with a project selected. If you do not have any projects in Nexploit, select the Default one.

  6. Once you complete the setup, click Start Scan to start scanning.

    If the maximum number of scans that can run simultaneously is exceeded, the scan is placed in the queue. The concurrent-scans limit can be set either for the entire organization or for this particular project in the project settings. The queued scan starts as soon as you manually stop another running scan or a running scan completes.
